The WATS NFC Metal Card is one of the most misunderstood objects in the WATS ecosystem. It looks like a cold wallet, it feels like a cold wallet, and the brushed-steel weight in your hand wants you to believe it is holding your private keys. It is not. Understanding precisely what this card does — and, just as importantly, what it does not do — is the single most useful thing you can learn before you tap it against your phone. This deep-dive walks through the chip, the contactless handshake, the physical build, how the card relates to the WATS Hot Wallet's dual-custody model, and the one scenario everyone worries about: losing it.
What the card is — and what it isn't
The WATS NFC Metal Card is a tap-to-authenticate companion. Its job is to authenticate access to your WATS wallet and to enable NFC tap-to-sign: you bring the card to your phone, the app reads it over the contactless interface, and that tap becomes a physical confirmation for an action you have already initiated inside the app.
What the card is not is equally important. It is not key storage. It is not a standalone cold wallet. There is no private key sitting inside the card waiting to be extracted, and you cannot use the card on its own — without the WATS app — to move funds. Your private keys live in the non-custodial WATS applications: the WATS mobile app and the WATS Chrome extension. The card never becomes the home of your keys, which is exactly why it can be thrown in a wallet, dropped in a drawer, or carried through an airport without that being the same thing as carrying your seed phrase around.
Think of the card as a key to a door, not the vault behind it. Tapping it proves you are present and authorised. The vault — your keys — stays in the non-custodial WATS apps, under your control, the whole time.
The chip and the handshake
Inside the metal body sits an embedded NTAG 216 chip, an NFC Forum Type 4 tag. The contactless interface follows ISO/IEC 14443 and operates at 13.56 MHz, the same proximity-card frequency used by transit passes and contactless payment cards. When you tap, the phone's NFC reader and the card complete a short contactless handshake, and that handshake is secured with AES-128 so the exchange between card and app cannot be trivially replayed or spoofed by a casual eavesdropper.
It is worth being plain about what this hardware is. The NTAG 216 with AES-128 is a secured NFC tag, not a private-key vault. The AES-128 encryption protects the contactless handshake — the authentication exchange — rather than guarding a secret signing key etched into silicon. We deliberately do not claim the card contains a certified secure element, and we do not market it as tamper-proof key-storage hardware, because it is neither. It is an honest, well-built authentication tag. Conflating "secured NFC tag" with "hardware key vault" is the most common mistake people make about cards like this one, and we would rather you understood the real threat model than be reassured by a label that does not apply.
Physical durability
Where the card genuinely earns its "metal" name is the physical build. The steel variant is engineered to survive far more than a paper backup or a printed plastic card ever could. It is rated IP68, meaning it can sit submerged at 1.5 m for 30 minutes without water ingress, and it is built to MIL-STD-810 tolerances across an operating range of -40 °C to +85 °C. It also carries EMI and radiation shielding, which matters for a contactless device you want to behave predictably and resist stray interference.
| Property | Specification |
|---|---|
| Water resistance | IP68 (submersible 1.5 m / 30 min) |
| Durability standard | MIL-STD-810, -40 °C to +85 °C |
| Shielding | EMI / radiation shielding |
| NFC chip | NTAG 216, NFC Forum Type 4 |
| Standard / frequency | ISO/IEC 14443, 13.56 MHz |
| Handshake encryption | AES-128 |
| Weight | Steel ~22 g / polycarbonate ~5 g |
The card ships in two materials: a brushed stainless-steel version that weighs around 22 g and feels like a premium object, and a lighter polycarbonate version at around 5 g for people who would rather carry something barely-there. Both run the same NTAG 216 chip and the same contactless behaviour — the choice is about weight and feel, not about how the authentication works.
Dual custody — the Hot Wallet model
Here is the part most people conflate, so let's separate it cleanly. Dual custody is a feature of the WATS Hot Wallet, not of the NFC card. They are two different security mechanisms that happen to live in the same ecosystem.
In the WATS Hot Wallet, control over your wallet is split across two keys: a user key that you hold and a WATS key held on the WATS side. The point of splitting it is simple — neither key can move funds on its own. A transaction needs both halves to cooperate, so a single compromised key is not enough to drain a wallet. That is the dual-custody model, and it is about how a transaction gets authorised, not about a piece of hardware.
The NFC card relates to this as an additional layer rather than a replacement for it. When you use the card, the tap adds a physical hardware confirmation step on top of your biometric unlock — Face ID or fingerprint gets you into the app, and the card tap is a second, tangible "yes, I am here and I authorise this" gesture before an action goes through. So the layers stack like this: biometric unlock proves it is you on the device, the card tap proves you physically hold the companion, and the Hot Wallet's dual custody ensures that even an authorised request still needs both keys to actually settle on-chain. The card strengthens the front door; dual custody governs the vault. They complement each other; they are not the same thing.
The card-loss scenario
The honest version of the threat model is reassuring precisely because the card was never your keys. If you lose the card, you have not lost your wallet, and nobody who finds it can drain your funds with it. Here is what actually happens, in order:
- The card is not your only key, so losing it does not move funds. It cannot sign a transaction on its own — your keys remain in the non-custodial WATS apps, and the Hot Wallet's dual custody still requires both keys to authorise anything. A found card, in isolation, is an inert piece of metal.
- Keep using the WATS mobile app or Chrome extension. Your access does not depend on the physical card. You can continue to send, receive, swap and manage your wallet through the apps exactly as before while you sort out a replacement.
- Order a replacement card from the WATS store. A new card is a new authentication companion you can pair to your existing wallet; it restores the tap-to-authenticate and tap-to-sign convenience you lost.
- Follow the WATS docs for the exact recovery steps. The precise flow for re-pairing a replacement and revoking the old card is documented and may be updated over time, so treat the official WATS documentation — not this article — as the authoritative, step-by-step source.
The reason we can frame card loss so calmly is the same reason we refuse to call the card a cold wallet: it was designed to not be a single point of failure. A device that holds your keys turns loss into catastrophe. An authentication companion turns loss into an inconvenience.
Where to go next
If you want the product-level overview of the card — materials, finishes and how to get one — start at the WATS NFC Metal Card page. If you are weighing this tap-to-authenticate approach against key-storage cold cards from other vendors and trying to decide which philosophy fits your own threat model, read our companion guide, Best Web3 wallets with an NFC metal card, which lays the two designs side by side without pretending one is universally better than the other.
FAQ
Does the WATS NFC Metal Card store my private keys?
No. The card is a tap-to-authenticate companion and a secured NFC tag — it does not hold your private keys. Your keys live in the non-custodial WATS mobile app and Chrome extension, and the card simply authenticates access and enables NFC tap-to-sign.
If someone finds my card, can they steal my funds?
No. The card cannot move funds on its own. It is not a standalone cold wallet, and the WATS Hot Wallet's dual-custody model requires both your user key and the WATS key before any transaction can settle. A lost card, by itself, cannot drain a wallet.
Is the card a hardware secure element or a certified cold wallet?
No. It is an embedded NTAG 216 (NFC Forum Type 4) tag whose contactless handshake is secured with AES-128 over ISO/IEC 14443 at 13.56 MHz. We describe it accurately as a secured NFC authentication card, not as a certified secure-element key vault.